Ignite doesn’t ship with Spring Cloud, so no. There is a related vulnerability (CVE 2022-22965), which is in Spring Core. However,
> “In order to exploit the vulnerabilities, the following requirements must be > met: > > • JDK 9 or higher > • Apache Tomcat as the Servlet container > • Packaged as WAR > • spring-webmvc or spring-webflux dependency" (https://sysdig.com/blog/cve-2022-22965-spring-core-spring4shell/ <https://sysdig.com/blog/cve-2022-22965-spring-core-spring4shell/>) So, again, Ignite is not vulnerable. Having said that, if you perform an automated security scan it may flag it. > On 31 Mar 2022, at 08:24, Vishwas Bm <bmvish...@gmail.com> wrote: > > Hi All, > > Is ignite impacted by this critical vulnerability? > > https://securityboulevard.com/2022/03/cyrc-vulnerability-analysis-two-distinct-spring-vulnerabilities-discovered-spring4shell-and-cve-2022-22963/ > > > Regards, > Vishwas
